Neale Ranns17dcec02019-01-09 21:22:20 -08001/* Hey Emacs use -*- mode: C -*- */
Pavel Kotucek9c7ef032016-12-21 07:46:45 +01002/*
3 * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
/* Version of this API definition file. */
option version = "3.0.0";
18
19import "vnet/ip/ip_types.api";
Neale Rannsc87b66c2019-02-07 07:26:12 -080020import "vnet/interface_types.api";
Dave Barach0d056e52017-09-28 15:11:16 -040021
/** \brief IPsec: Add/delete Security Policy Database
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add SPD if non-zero, else delete
    @param spd_id - SPD instance id (control plane allocated)
*/

autoreply define ipsec_spd_add_del
{
  u32 client_index;
  u32 context;
  u8 is_add;
  u32 spd_id;
};
36
/** \brief IPsec: Add/delete SPD from interface

    Binding or unbinding an SPD changes which policy set is used for
    lookups on the interface, so this call changes what traffic is
    protected there.

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add security mode if non-zero, else delete
    @param sw_if_index - index of the interface
    @param spd_id - SPD instance id to use for lookups
*/


autoreply define ipsec_interface_add_del_spd
{
  u32 client_index;
  u32 context;

  u8 is_add;
  u32 sw_if_index;
  u32 spd_id;
};
56
Neale Ranns17dcec02019-01-09 21:22:20 -080057
/*
 * Action carried in the policy field of an SPD entry.
 *
 * BYPASS is the only member with an explicit value, and that value is 0:
 * a zero-initialised policy field therefore selects "no IPsec
 * processing". Callers should always set the action explicitly.
 */
enum ipsec_spd_action
{
  /* bypass - no IPsec processing */
  IPSEC_API_SPD_ACTION_BYPASS = 0,
  /* discard - discard packet with ICMP processing */
  IPSEC_API_SPD_ACTION_DISCARD,
  /* resolve - send request to control plane for SA resolving */
  IPSEC_API_SPD_ACTION_RESOLVE,
  /* protect - apply IPsec policy using following parameters */
  IPSEC_API_SPD_ACTION_PROTECT,
};
69
/** \brief IPsec: Security Policy Database entry

    See RFC 4301, 4.4.1.1 on how to match packet to selectors

    Higher priorities match before lower ones, so a broad entry with a
    BYPASS or DISCARD action at high priority takes precedence over a
    narrower PROTECT entry at lower priority. Review priority ordering
    whenever a wide selector is installed.

    @param spd_id - SPD instance id (control plane allocated)
    @param priority - priority of SPD entry (non-unique value).  Used to order SPD matching - higher priorities match before lower
    @param is_outbound - entry applies to outbound traffic if non-zero, otherwise applies to inbound traffic
    @param remote_address_start - start of remote address range to match
    @param remote_address_stop - end of remote address range to match
    @param local_address_start - start of local address range to match
    @param local_address_stop - end of local address range to match
    @param protocol - protocol type to match [0 means any] otherwise IANA value
    @param remote_port_start - start of remote port range to match ...
    @param remote_port_stop - end of remote port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
    @param local_port_start - start of local port range to match ...
    @param local_port_stop - end of local port range to match [0 to 65535 means ANY, 65535 to 0 means OPAQUE]
    @param policy - action to perform on match
    @param sa_id - SAD instance id (control plane allocated)
*/
typedef ipsec_spd_entry
{
  u32 spd_id;
  i32 priority;
  u8 is_outbound;

  u32 sa_id;
  vl_api_ipsec_spd_action_t policy;
  /* 0 matches any protocol (see @param protocol above) */
  u8 protocol;

  // Selector
  vl_api_address_t remote_address_start;
  vl_api_address_t remote_address_stop;
  vl_api_address_t local_address_start;
  vl_api_address_t local_address_stop;

  u16 remote_port_start;
  u16 remote_port_stop;
  u16 local_port_start;
  u16 local_port_stop;
};
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100110
/** \brief IPsec: Add/delete Security Policy Database entry

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add SPD entry if non-zero, else delete
    @param entry - Description of the entry to add/delete
*/
define ipsec_spd_entry_add_del
{
  u32 client_index;
  u32 context;
  u8 is_add;
  vl_api_ipsec_spd_entry_t entry;
};
125
/** \brief IPsec: Reply Add/delete Security Policy Database entry

    @param context - sender context, to match reply w/ request
    @param retval - success/fail return code
    @param stat_index - An index for the policy in the stats segment @ /net/ipec/policy
                        NOTE(review): "ipec" in the path above looks like a
                        typo for "ipsec" - confirm against the stats segment.
*/
define ipsec_spd_entry_add_del_reply
{
  u32 context;
  i32 retval;
  u32 stat_index;
};
138
/** \brief Dump IPsec all SPD IDs
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
*/
define ipsec_spds_dump {
  u32 client_index;
  u32 context;
};
147
/** \brief Dump IPsec all SPD IDs response
    @param context - sender context which was passed in the request
    @param spd_id - SPD instance id (control plane allocated)
    @param npolicies - number of policies in SPD
*/
define ipsec_spds_details {
  u32 context;
  u32 spd_id;
  u32 npolicies;
};
158
/** \brief Dump ipsec policy database data
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param spd_id - SPD instance id
    @param sa_id - SA id, optional, set to ~0 to see all policies in SPD
*/
define ipsec_spd_dump {
  u32 client_index;
  u32 context;
  u32 spd_id;
  u32 sa_id;
};
171
/** \brief IPsec policy database response
    @param context - sender context which was passed in the request
    @param entry - The SPD entry.

    NOTE(review): this comment previously also listed "bytes" (byte count
    of packets matching this policy) and "packets" (count of packets
    matching this policy). The definition below has no such fields.
*/
define ipsec_spd_details {
  u32 context;
  vl_api_ipsec_spd_entry_t entry;
};
182
/*
 * @brief Supported cryptographic algorithms
 *
 * NONE is the only member with an explicit value (0), so a
 * zero-initialised crypto_algorithm field selects it. Set the algorithm
 * explicitly and reject NONE where confidentiality is required.
 *
 * The CBC and CTR members provide confidentiality only and need a
 * non-NONE integrity algorithm alongside them; the GCM members are
 * combined-mode (AEAD) ciphers.
 *
 * DES_CBC (56-bit key) and 3DES_CBC (64-bit block) are legacy
 * algorithms; prefer the AES members for new configurations.
 */
enum ipsec_crypto_alg
{
  IPSEC_API_CRYPTO_ALG_NONE = 0,
  IPSEC_API_CRYPTO_ALG_AES_CBC_128,
  IPSEC_API_CRYPTO_ALG_AES_CBC_192,
  IPSEC_API_CRYPTO_ALG_AES_CBC_256,
  IPSEC_API_CRYPTO_ALG_AES_CTR_128,
  IPSEC_API_CRYPTO_ALG_AES_CTR_192,
  IPSEC_API_CRYPTO_ALG_AES_CTR_256,
  IPSEC_API_CRYPTO_ALG_AES_GCM_128,
  IPSEC_API_CRYPTO_ALG_AES_GCM_192,
  IPSEC_API_CRYPTO_ALG_AES_GCM_256,
  /* legacy: single DES */
  IPSEC_API_CRYPTO_ALG_DES_CBC,
  /* legacy: triple DES */
  IPSEC_API_CRYPTO_ALG_3DES_CBC,
};
201
/*
 * @brief Supported Integrity Algorithms
 *
 * NONE is the only member with an explicit value (0), so a
 * zero-initialised integrity_algorithm field selects no integrity
 * protection. Combined with a CBC or CTR cipher that leaves the
 * ciphertext unauthenticated.
 *
 * MD5_96 and SHA1_96 are legacy HMAC constructions. SHA_256_96 follows
 * an Internet-Draft rather than an RFC; the RFC4868 members are the
 * standardised SHA-2 variants.
 */
enum ipsec_integ_alg
{
  IPSEC_API_INTEG_ALG_NONE = 0,
  /* RFC2403 */
  IPSEC_API_INTEG_ALG_MD5_96,
  /* RFC2404 */
  IPSEC_API_INTEG_ALG_SHA1_96,
  /* draft-ietf-ipsec-ciph-sha-256-00 */
  IPSEC_API_INTEG_ALG_SHA_256_96,
  /* RFC4868 */
  IPSEC_API_INTEG_ALG_SHA_256_128,
  /* RFC4868 */
  IPSEC_API_INTEG_ALG_SHA_384_192,
  /* RFC4868 */
  IPSEC_API_INTEG_ALG_SHA_512_256,
};
221
/*
 * Per-SA option flags. Each member is a distinct bit, so values can be
 * OR-ed together.
 *
 * Every protection here is opt-in: with IPSEC_API_SAD_FLAG_NONE (0)
 * neither extended sequence numbers nor anti-replay are requested.
 */
enum ipsec_sad_flags
{
  IPSEC_API_SAD_FLAG_NONE = 0,
  /* Enable extended sequence numbers */
  IPSEC_API_SAD_FLAG_USE_ESN = 0x01,
  /* Enable Anti-replay */
  IPSEC_API_SAD_FLAG_USE_ANTI_REPLAY = 0x02,
  /* IPsec tunnel mode if non-zero, else transport mode */
  IPSEC_API_SAD_FLAG_IS_TUNNEL = 0x04,
  /* IPsec tunnel mode is IPv6 if non-zero,
   *  else IPv4 tunnel only valid if is_tunnel is non-zero */
  IPSEC_API_SAD_FLAG_IS_TUNNEL_V6 = 0x08,
  /* enable UDP encapsulation for NAT traversal */
  IPSEC_API_SAD_FLAG_UDP_ENCAP = 0x10,
};
237
/*
 * IPsec protocol selector for an SA or a backend.
 *
 * No explicit values are given, so the numeric encoding is whatever the
 * API generator assigns. Clients should use the symbolic names rather
 * than hard-coded integers.
 */
enum ipsec_proto
{
  IPSEC_API_PROTO_ESP,
  IPSEC_API_PROTO_AH,
};
243
/*
 * Raw keying material as carried in API messages.
 *
 * length is a u8 and can therefore encode values up to 255, while data
 * holds only 128 bytes. A receiver must reject length > 128 before
 * using it as a copy or read size.
 *
 * Messages embedding this type contain secret keys in the clear, so
 * they should be kept out of logs and traces.
 */
typedef key
{
  /* the length of the key */
  u8 length;
  /* The data for the key */
  u8 data[128];
};
251
/** \brief IPsec: Security Association Database entry
    @param sad_id - sad id
    @param spi - security parameter index
    @param protocol - IPsec protocol, a vl_api_ipsec_proto_t value.
                      NOTE(review): this comment previously read
                      "0 = AH, 1 = ESP", which does not match the order in
                      which enum ipsec_proto declares its members (ESP,
                      then AH); use the symbolic names.
    @param crypto_algorithm - a supported crypto algorithm
    @param crypto_key - crypto keying material
    @param integrity_algorithm - one of the supported algorithms
    @param integrity_key - integrity keying material
    @param flags - vl_api_ipsec_sad_flags_t bits (ESN, anti-replay,
                   tunnel mode, tunnel IPv6, UDP encapsulation)
    @param tunnel_src - IPsec tunnel source address, IPv6 if the
                        tunnel-v6 flag is set, else IPv4. Only valid if
                        the tunnel flag is set
    @param tunnel_dst - IPsec tunnel destination address, IPv6 if the
                        tunnel-v6 flag is set, else IPv4. Only valid if
                        the tunnel flag is set
    @param tx_table_id - the FIB id used for encapsulated packets
    @param salt - for use with counter mode ciphers.
                  NOTE(review): how the salt enters the nonce is not
                  visible here; as general practice, do not reuse a
                  key/salt pair across SAs.

    client_index, context and is_add, listed here previously, belong to
    the ipsec_sad_entry_add_del message and are not fields of this type.
 */
typedef ipsec_sad_entry
{
  u32 sad_id;

  u32 spi;

  vl_api_ipsec_proto_t protocol;

  vl_api_ipsec_crypto_alg_t crypto_algorithm;
  /* secret key material - see typedef key for the length bound */
  vl_api_key_t crypto_key;

  vl_api_ipsec_integ_alg_t integrity_algorithm;
  /* secret key material - see typedef key for the length bound */
  vl_api_key_t integrity_key;

  vl_api_ipsec_sad_flags_t flags;

  vl_api_address_t tunnel_src;
  vl_api_address_t tunnel_dst;
  u32 tx_table_id;
  u32 salt;
};
289
/** \brief IPsec: Add/delete Security Association Database entry

    The embedded entry carries the crypto and integrity keys, so this
    request contains secret material.

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add the entry if non-zero, else delete
                    (presumably, as for the other add_del messages in
                    this file - confirm)
    @param entry - Entry to add or delete
 */
define ipsec_sad_entry_add_del
{
  u32 client_index;
  u32 context;
  u8 is_add;
  vl_api_ipsec_sad_entry_t entry;
};
/** \brief IPsec: Reply Add/delete Security Association Database entry
    @param context - sender context, to match reply w/ request
    @param retval - success/fail return code
    @param stat_index - presumably an index for the SA in the stats
                        segment, by analogy with
                        ipsec_spd_entry_add_del_reply - TODO confirm
 */
define ipsec_sad_entry_add_del_reply
{
  u32 context;
  i32 retval;
  u32 stat_index;
};
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100308
/** \brief Add or Update Protection for a tunnel with IPSEC

    Tunnel protection directly associates an SA with all packets
    ingress and egress on the tunnel. This could also be achieved by
    assigning an SPD to the tunnel, but that would incur an unnecessary
    SPD entry lookup.

    For tunnels the ESP acts on the post-encapsulated packet. So if this
    packet:
      +---------+------+
      | Payload | O-IP |
      +---------+------+
    where O-IP is the overlay IP address that was routed into the tunnel,
    the resulting encapsulated packet will be:
      +---------+------+------+
      | Payload | O-IP | T-IP |
      +---------+------+------+
    where T-IP is the tunnel's src.dst IP addresses.
    If the SAs used for protection are in transport mode then the ESP is
    inserted before T-IP, i.e.:
      +---------+------+-----+------+
      | Payload | O-IP | ESP | T-IP |
      +---------+------+-----+------+
    If the SAs used for protection are in tunnel mode then another
    encapsulation occurs, i.e.:
      +---------+------+------+-----+------+
      | Payload | O-IP | T-IP | ESP | C-IP |
      +---------+------+------+-----+------+
    where C-IP are the crypto endpoint IP addresses defined as the tunnel
    endpoints in the SA.
    The mode for the inbound and outbound SA must be the same.

    @param sw_if_index - Tunnel interface to protect
    @param sa_out - The ID of outbound SA
    @param n_sa_in - number of entries in sa_in
    @param sa_in - The ID [set] of inbound SAs

    client_index and context, listed here previously, belong to the
    messages that embed this type and are not fields of it.
*/
typedef ipsec_tunnel_protect
{
  vl_api_interface_index_t sw_if_index;
  u32 sa_out;
  /* Sender-supplied element count for the variable-length array below.
   * NOTE(review): whether the receiver checks it against the actual
   * message length is not visible in this file - confirm in the
   * handler. */
  u8 n_sa_in;
  u32 sa_in[n_sa_in];
};
354
/** \brief Add or update the protection on a tunnel
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param tunnel - interface to protect and the SAs to use
*/
autoreply define ipsec_tunnel_protect_update
{
  u32 client_index;
  u32 context;

  vl_api_ipsec_tunnel_protect_t tunnel;
};
362
/** \brief Remove the protection from a tunnel
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - tunnel interface (presumably the one whose
                         protection is removed - confirm)

    NOTE(review): what happens to the tunnel's traffic once protection
    is removed is not described in this file.
*/
autoreply define ipsec_tunnel_protect_del
{
  u32 client_index;
  u32 context;

  vl_api_interface_index_t sw_if_index;
};
370
/** \brief Dump tunnel protection
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - tunnel interface to query (any wildcard value
                         is not documented in this file - TODO confirm)
*/
define ipsec_tunnel_protect_dump
{
  u32 client_index;
  u32 context;
  vl_api_interface_index_t sw_if_index;
};
377
/** \brief Tunnel protection details
    @param context - sender context which was passed in the request
    @param tun - the protected interface and its SA IDs
*/
define ipsec_tunnel_protect_details
{
  u32 context;
  vl_api_ipsec_tunnel_protect_t tun;
};
383
/** \brief IPsec: Get SPD interfaces
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param spd_index - SPD index
    @param spd_index_valid - if 1 spd_index is used to filter
      spd_index's, if 0 no filtering is done
*/
define ipsec_spd_interface_dump {
  u32 client_index;
  u32 context;
  u32 spd_index;
  u8 spd_index_valid;
};
397
/** \brief IPsec: SPD interface response
    @param context - sender context which was passed in the request
    @param spd_index - SPD index
    @param sw_if_index - index of the interface
*/
define ipsec_spd_interface_details {
  u32 context;
  u32 spd_index;
  u32 sw_if_index;
};
408
/** \brief Add or delete IPsec tunnel interface

    This request carries four secret keys in the clear. Each *_key_len
    field is a u8 (up to 255) while the matching key array holds 128
    bytes, so a receiver must reject any length above 128 before using
    it as a copy or read size.

    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param is_add - add IPsec tunnel interface if nonzero, else delete
    @param is_ip6 - tunnel v6 or v4
                    NOTE(review): no is_ip6 field exists below;
                    local_ip/remote_ip are vl_api_address_t, which
                    presumably carries the address family - confirm
    @param esn - enable extended sequence numbers if nonzero, else disable
    @param anti_replay - enable anti replay check if nonzero, else disable
    @param local_ip - local IP address
    @param remote_ip - IP address of remote IPsec peer
    @param local_spi - SPI of outbound IPsec SA
    @param remote_spi - SPI of inbound IPsec SA
    @param crypto_alg - encryption algorithm ID
    @param local_crypto_key_len - length of local crypto key in bytes
    @param local_crypto_key - crypto key for outbound IPsec SA
    @param remote_crypto_key_len - length of remote crypto key in bytes
    @param remote_crypto_key - crypto key for inbound IPsec SA
    @param integ_alg - integrity algorithm ID
    @param local_integ_key_len - length of local integrity key in bytes
    @param local_integ_key - integrity key for outbound IPsec SA
    @param remote_integ_key_len - length of remote integrity key in bytes
    @param remote_integ_key - integrity key for inbound IPsec SA
    @param renumber - intf display name uses a specified instance if != 0
    @param show_instance - instance to display for intf if renumber is set
    @param udp_encap - enable UDP encapsulation for NAT traversal
    @param tx_table_id - the FIB id used after packet encap
    @param salt - for use with counter mode ciphers
*/
define ipsec_tunnel_if_add_del {
  u32 client_index;
  u32 context;
  u8 is_add;
  /* both protections are opt-in: zero leaves them disabled */
  u8 esn;
  u8 anti_replay;
  vl_api_address_t local_ip;
  vl_api_address_t remote_ip;
  u32 local_spi;
  u32 remote_spi;
  /* plain u8 rather than vl_api_ipsec_crypto_alg_t; presumably takes
   * the same values - TODO confirm */
  u8 crypto_alg;
  u8 local_crypto_key_len;
  u8 local_crypto_key[128];
  u8 remote_crypto_key_len;
  u8 remote_crypto_key[128];
  /* plain u8 rather than vl_api_ipsec_integ_alg_t; presumably takes
   * the same values - TODO confirm */
  u8 integ_alg;
  u8 local_integ_key_len;
  u8 local_integ_key[128];
  u8 remote_integ_key_len;
  u8 remote_integ_key[128];
  u8 renumber;
  u32 show_instance;
  u8 udp_encap;
  u32 tx_table_id;
  u32 salt;
};
462
/** \brief Add/delete IPsec tunnel interface response
    @param context - sender context, to match reply w/ request
    @param retval - return status
    @param sw_if_index - sw_if_index of new interface (for successful add)
*/
define ipsec_tunnel_if_add_del_reply {
  u32 context;
  i32 retval;
  u32 sw_if_index;
};
473
/** \brief Dump IPsec security association
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sa_id - optional ID of an SA to dump, if ~0 dump all SAs in SAD

    Replies presumably arrive as ipsec_sa_details, which embeds an SA
    entry with key fields; treat the ability to issue this request as
    sensitive.
*/
define ipsec_sa_dump {
  u32 client_index;
  u32 context;
  u32 sa_id;
};
484
/** \brief IPsec security association database response

    The SA itself (id, SPI, protocol, algorithms, keys, flags, tunnel
    endpoints, tx table, salt) is returned in entry. Earlier revisions
    of this comment listed those as individual parameters.

    entry is a vl_api_ipsec_sad_entry_t and therefore has crypto_key and
    integrity_key fields. Whether the handler fills them in is not
    visible in this file; handle and store dump output as if it
    contained live keys.

    @param context - sender context which was passed in the request
    @param entry - the SA entry
    @param sw_if_index - sw_if_index of tunnel interface, policy-based SAs = ~0
    @param salt - 4 byte salt (entry also has a salt field)
    @param seq_outbound - current sequence number for outbound
                          (u64; presumably includes the high 32 bits of
                          the ESN - confirm)
    @param last_seq_inbound - highest sequence number received inbound
                              (u64; presumably includes the high 32 bits
                              of the ESN - confirm)
    @param replay_window - bit map of seq nums received relative to last_seq if using anti-replay
    @param total_data_size - total bytes sent or received
*/
define ipsec_sa_details {
  u32 context;
  vl_api_ipsec_sad_entry_t entry;

  u32 sw_if_index;
  u32 salt;
  u64 seq_outbound;
  u64 last_seq_inbound;
  u64 replay_window;

  u64 total_data_size;
};
524
/** \brief Set new SA on IPsec interface
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param sw_if_index - index of tunnel interface
    @param sa_id - ID of SA to use
    @param is_outbound - 1 if outbound (local) SA, 0 if inbound (remote)
*/
autoreply define ipsec_tunnel_if_set_sa {
  u32 client_index;
  u32 context;
  u32 sw_if_index;
  u32 sa_id;
  u8 is_outbound;
};
539
/** \brief Dump IPsec backends
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
*/
define ipsec_backend_dump {
  u32 client_index;
  u32 context;
};
548
/** \brief IPsec backend details
    @param context - sender context which was passed in the request
    @param name - name of the backend
    @param protocol - IPsec protocol (a vl_api_ipsec_proto_t value)
    @param index - backend index
    @param active - set to 1 if the backend is active, otherwise 0
*/
define ipsec_backend_details {
  u32 context;
  u8 name[128];
  vl_api_ipsec_proto_t protocol;
  u8 index;
  u8 active;
};
562
/** \brief Select IPsec backend
    @param client_index - opaque cookie to identify the sender
    @param context - sender context, to match reply w/ request
    @param protocol - IPsec protocol (a vl_api_ipsec_proto_t value)
    @param index - backend index
*/
autoreply define ipsec_select_backend {
  u32 client_index;
  u32 context;
  vl_api_ipsec_proto_t protocol;
  u8 index;
};
575
Pavel Kotucek9c7ef032016-12-21 07:46:45 +0100576/*
577 * Local Variables:
578 * eval: (c-set-style "gnu")
579 * End:
580 */
Dave Barach11b8dbf2017-04-24 10:46:54 -0400581